Two vulnerabilities in Tesla's keyless entry system allowed researchers to clone a key fob and drive away with a Model X. The electric vehicle manufacturer is issuing over-the-air updates to fix the flaws, which allegedly center on a failure to validate firmware updates and a faulty Bluetooth pairing protocol.
IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.
The Telecommunications Security Bill introduced by the British government aims to set enforceable, minimum security standards for the nation's telecommunications providers, backed by penalties, including for any company that opted to use equipment from high-risk providers such as China's Huawei.
The U.S. Senate on Tuesday unanimously passed federal IoT security legislation that will require the government to only procure devices that meet minimum cybersecurity requirements. The bill now moves to President Donald Trump's desk.
Many organizations that are relying on network segmentation to secure connected medical devices are making mistakes that put the devices, data and networks at risk, says Daniel dos Santos, research manager at Forescout Technologies.
IoT devices are like sausages: They're full of components of varying quality, and it's invariably disturbing to think about their origins. New guidance helps address how to reduce the risk of potentially vulnerable components in connected devices.
Distributed denial-of-service attacks have not garnered much attention this year. But analysts say such attacks could surge, and they have the potential to be just as damaging as ransomware and other types of cyberthreats.
The operators behind a botnet dubbed "Gitpaste-12" are abusing legitimate services such as GitHub and Pastebin to help hide the malware's malicious infrastructure, according to Juniper Threat Labs. This botnet mainly targets Linux apps and IoT devices and can mine cryptocurrency.
Apple issued an update for iOS and iPadOS on Thursday that fixes three zero-day flaws found by Google's Project Zero bug-hunting team and a range of other security-related flaws. Google says the bugs are being exploited by attackers but haven't been used in election-related cyber activity.
Aleksandr Brovko, a Russian national, has been sentenced to eight years in federal prison for stealing personally identifiable data and online banking credentials using a botnet, according to the U.S. Justice Department. Federal prosecutors estimate the losses at $100 million.
After a federal judge blocked an order that would have banned ByteDance-owned TikTok from operating within the U.S., the Commerce Department vowed to continue to defend the Trump administration's executive order. Additional court hearings over the order are scheduled for later this year.
Newly updated Food and Drug Administration guidelines will help experts to more accurately score and communicate the criticality of security vulnerabilities identified in medical devices, says Elad Luz, head of security research at CyberMDX.
The latest edition of the ISMG Security Report features a discussion with FBI Agent Elvis Chan on the cyber disruptions to expect immediately after the Nov. 3 U.S. election. Also featured: smart lock security flaws; cryptocurrency-funded crimes in 2021.
Although IoT door locks are ultimately designed to keep people out, they may actually be the way in. Craig Young of Tripwire describes problems he found in U-tec's Ultraloq and other issues with IoT security.